Core Concepts
Security

Security

Understanding Akira's security model and isolation guarantees.

Threat Model

Akira is designed for one primary threat: running untrusted code safely.

This includes:

  • AI-generated code that might be malicious or buggy
  • User-submitted code in multi-tenant environments
  • Third-party scripts and tools
  • Experimental code during development

Isolation Layers

Akira provides multiple layers of isolation:

┌─────────────────────────────────────────────────────┐
│                   Your Infrastructure                │
├─────────────────────────────────────────────────────┤
│                  Akira Platform                      │
│  ┌───────────────────────────────────────────────┐  │
│  │            Hardware Virtualization             │  │
│  │  ┌─────────┐  ┌─────────┐  ┌─────────┐       │  │
│  │  │ Sandbox │  │ Sandbox │  │ Sandbox │       │  │
│  │  │  (VM)   │  │  (VM)   │  │  (VM)   │       │  │
│  │  │         │  │         │  │         │       │  │
│  │  │ Process │  │ Process │  │ Process │       │  │
│  │  │ + Code  │  │ + Code  │  │ + Code  │       │  │
│  │  └─────────┘  └─────────┘  └─────────┘       │  │
│  └───────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────┘

Layer 1: Hardware Virtualization

Each sandbox runs in its own micro-VM with hardware-level isolation:

Isolation TypeProtection
CPUSeparate virtual CPUs, no shared execution
MemoryIsolated address spaces, no shared RAM
StorageSeparate virtual disks
NetworkIsolated network namespaces

Layer 2: Minimal Attack Surface

Micro-VMs have a tiny attack surface compared to traditional VMs:

  • Minimal device emulation
  • No legacy hardware support
  • Reduced hypervisor interface
  • Purpose-built for sandboxing

Layer 3: Resource Limits

Bounded resources prevent abuse:

  • CPU limits - Maximum cores allocated
  • Memory limits - Maximum RAM available
  • Time limits - Automatic termination after timeout
  • Storage limits - Bounded disk space

What Sandboxes CAN'T Do

A sandbox cannot:

ActionProtection
Access host filesystemHardware isolation
Access other sandboxesNetwork isolation
Exhaust host resourcesResource limits
Run indefinitelyTimeout enforcement
Access cloud credentialsNo credential injection
Make unlimited network requestsRate limiting

What Sandboxes CAN Do

By default, sandboxes can:

  • Execute arbitrary code
  • Make outbound network requests
  • Read/write their own filesystem
  • Use allocated CPU and memory
  • Access sandbox storage

Network Security

Default Configuration

  • Outbound: Allowed (can reach internet)
  • Inbound: Blocked (cannot be reached)
  • Inter-sandbox: Blocked

Network Isolation

Sandboxes cannot:

  • Communicate with other sandboxes
  • Access internal network services
  • Scan or probe your infrastructure
⚠️

Outbound Access

By default, sandboxes can make outbound requests. If running truly untrusted code, consider network restrictions.

API Security

Authentication

All API requests require authentication via x-api-key header:

curl -H "x-api-key: YOUR_API_KEY" https://api.akiralabs.ai/v1/sandboxes/list

Key Management

  • Keys are scoped to your organization
  • Rotate keys regularly
  • Never commit keys to version control
  • Use environment variables
// Good: Environment variable
const client = new SandboxSDK({
  apiKey: process.env['AKIRA_API_KEY'],
});
 
// Bad: Hardcoded key
const client = new SandboxSDK({
  apiKey: 'sk_live_abc123', // Never do this!
});

Best Practices

For AI Agent Developers

  1. Always use sandboxes - Never run AI-generated code directly
  2. Set timeouts - Prevent infinite loops and runaway processes
  3. Validate outputs - Don't trust sandbox outputs blindly
  4. Clean up - Delete sandboxes when done

For Platform Operators

  1. Rotate API keys - Regular key rotation
  2. Monitor usage - Watch for anomalous patterns
  3. Set resource limits - Appropriate CPU/memory bounds
  4. Review audit logs - Track sandbox operations

For Security-Sensitive Workloads

  1. Disable network - Block outbound if not needed
  2. Use ephemeral sandboxes - Don't persist state
  3. Limit storage access - Minimize data exposure
  4. Implement timeouts - Short execution limits

Comparison: Containers vs Akira

FeatureContainersAkira Sandboxes
IsolationProcess-levelHardware-level
KernelSharedSeparate
Escape riskContainer escapes possibleVM escape required
Startup timeFastFast (micro-VM)
Resource overheadLowLow (minimal VM)

Security Guarantees

Akira provides:

  • Confidentiality - Sandboxes cannot read other sandboxes
  • Integrity - Sandboxes cannot modify host or other sandboxes
  • Availability - Resource limits prevent DoS

Akira does NOT protect against:

  • Malicious use of your own API keys
  • Data exfiltration via network (if enabled)
  • Side-channel attacks (theoretical)

Incident Response

If you suspect a security issue:

  1. Revoke affected API keys immediately
  2. Delete suspicious sandboxes
  3. Review audit logs
  4. Contact security@akiralabs.ai

Next Steps

SandboxesAutonomous Agents